[gentoo-commits] dev/anarchy:master commit in: sys-process/audit/files/, sys-process/audit/

["Jory Pratt" <anarchy@gentoo.org>]

commit:     912a8f03efe89c761f920312b3d193ae127a32c0
Author:     Jory A. Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 23 14:49:37 2012 +0000
Commit:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Mon Jul 23 14:49:37 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=dev/anarchy.git;a=commit;h=912a8f03

Add sys-process/audit-2.2.1 support

---
 sys-process/audit/Manifest                       |    8 +
 sys-process/audit/audit-2.2.1.ebuild             |  164 ++++++++++++++++++++++
 sys-process/audit/files/audit-2.1.3-python.patch |   24 +++
 sys-process/audit/files/audit.rules-2.1.3        |   26 ++++
 sys-process/audit/files/audit.rules.stop.post    |   13 ++
 sys-process/audit/files/audit.rules.stop.pre     |   16 ++
 sys-process/audit/files/auditd-conf.d-2.1.3      |   23 +++
 sys-process/audit/files/auditd-init.d-2.2.1      |  100 +++++++++++++
 8 files changed, 374 insertions(+), 0 deletions(-)

diff --git a/sys-process/audit/Manifest b/sys-process/audit/Manifest
new file mode 100644
index 0000000..f088356
--- /dev/null
+++ b/sys-process/audit/Manifest
@@ -0,0 +1,8 @@
+AUX audit-2.1.3-python.patch 1353 SHA256 de214516fc107d8bfb19fcaf39d87776d9655a153e8e8b993a725f34dbe91ce5 SHA512 01e071c4219e1ea186207be883e08811021465cf18cdc2d18dcd1c61be372f2061b7f18f104dfb21ae94d363153f81133e768ddac8953703198bcda257f827eb WHIRLPOOL 4555e5b2f00a7470bb52a0813fcadf85e334f181f68414011629e95b7143bc07c83e94aa814bd4b6fc91a3add1b18444d97b24ecb7590e1884d663cf9bcf6203
+AUX audit.rules-2.1.3 1126 SHA256 8bf7f9cac7d2a47d3ff51d2a2b227588820831b5ef7c2e3d058b097d4d65eeb0 SHA512 be4a064ab9b9edfc02df3c2d3a29c4e8ffd031ce10adcf274a548ecd414b95b2aeebc54cf5aef9c04dcc121adea7b8fe63b7d153cd80f552e5f0605459a83901 WHIRLPOOL 7295ba3bc78394f4882f24fa8f3acd62fbd08543e618a260a308b2b8b350ced41d7fa9ce19a791fb0bb879a09dd4153a6e869f64ab927c7d4e2683e5f47b36d5
+AUX audit.rules.stop.post 573 SHA256 4c2e0be1a63b6800396e31153a899d4e3f2db1cee41b4dd271064dc97521edfe SHA512 a2cb699892aef006b102613b3b96ea24533437cd0927933f5520cccf28a088beef74a0ffcc74d402d4a4882fac2e59714ff537e310990956a6f56aacacaf13fd WHIRLPOOL bc13f844437980cd7d0ee4e8a1f0ad6a5e1ec1be8cd5159adb761c1f64c99f73dff6541a265e1b06fbce53988714ffbb2b0b61f91eb1fcbf081fbdeb30e8148d
+AUX audit.rules.stop.pre 547 SHA256 ec2c402d3d2b886c680259145696ad46c451dd1aed533906fdac69e30123c35f SHA512 8f0746b215a6ef1207beea2f3f73d536cfc0df58bfa55362c27c8b7ba56bf23eba2ebcf897f68b65b998c9fb090ea5d21b1d5dabc05cf0ac6e07c83f8459792d WHIRLPOOL a0563754ab170d22e78a2148afb006c55a243c809e8349a84cdafc7120446c4659bb5525338c5765a95f565ec61802cd91c308686cef3707a098bf78ab3f7ac9
+AUX auditd-conf.d-2.1.3 853 SHA256 f64186229238dd589b1fa5f72503000628b8f4f6655bdc3105b2fdbb17f6458f SHA512 3a47f7e091dc60f563d9be0027a4d1723485e7235178ffef544d39dd69de98a6283537a5649f9e2e5703a43202f77c7ff26608a653ad9d283f04bb2058fe1f45 WHIRLPOOL 29d16ead845aff5f9aac396697af2d7dd80ab39fa70fa35cc41187e9a9b43dddc0c0fdd469ffdf66a72ec1602b4faedde8158d911e95025701514c024fc6e3d9
+AUX auditd-init.d-2.2.1 2349 SHA256 2bb5bdab536d7a0e7741fc9c9ca75d12ab1f884c20ad9bbf544371ea63ee6a7f SHA512 dbb856f9d1e3ff0686e0f37613cbbfc980637afa8057db233ea4d13938ac03d71083dbaf04addab44669b7b452bc9561287cb815e2a21f83af13e2c9235dc148 WHIRLPOOL 3fb2ff0a7777ed147e0ae6c63fca074b0037a3cab6f4b3334b4a953eff2470676b9b876f0cb967666173a21edbe8327e8fe0826909c70aac2991623ee213fd84
+DIST audit-2.2.1.tar.gz 877202 SHA256 9865ca89f5b975ccf25441ddf45a874448f2bba944005aa8cd5e3c3148713a63 SHA512 e9a368529e28c87a37bfb16244a9e5c420c3e6830b47077465856a59069a26dc2d2cb77b63c9b3101d6c15a4906ca96b4f41300d6deaf4f5b02bc360c044168c WHIRLPOOL 93afdb2c846589731289321f38cc7b4027d138009fe5dbcbf77dcfbc25821400114168b1e72f735a2f2df1ab4fd7b04e58eab2529ca7596501c1b9551b558b38
+EBUILD audit-2.2.1.ebuild 4093 SHA256 bf7a8463c050728f62d05b9995a152155dabb0d090c9d15c2195a8fbdac185bd SHA512 0ffe4d7a7bad6f0654c7c6302faff5fd25131a10389f6c180de54bbcad087b367896aa83f2be1ede887f2b6bb56f1b3a83bfe2cd1d91fdf36ef2bf8d7e2a42ec WHIRLPOOL 70d142d629423f6bb367be5584c190e96a41f493e7309971e8395664afcf74f074453fe99e270de953d2140609f8de489a84a4fc749b19a622c5093f1c139987

diff --git a/sys-process/audit/audit-2.2.1.ebuild b/sys-process/audit/audit-2.2.1.ebuild
new file mode 100644
index 0000000..b2e406d
--- /dev/null
+++ b/sys-process/audit/audit-2.2.1.ebuild
@@ -0,0 +1,164 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/audit-2.1.3-r1.ebuild,v 1.8 2012/07/03 19:48:08 jer Exp $
+
+EAPI="3"
+PYTHON_DEPEND="python? 2"
+SUPPORT_PYTHON_ABIS="1"
+RESTRICT_PYTHON_ABIS="3.* *-jython 2.7-pypy-*"
+
+inherit autotools multilib toolchain-funcs python linux-info eutils
+
+DESCRIPTION="Userspace utilities for storing and processing auditing records"
+HOMEPAGE="http://people.redhat.com/sgrubb/audit/"
+SRC_URI="http://people.redhat.com/sgrubb/audit/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha amd64 hppa ~ia64 ~mips ppc ~ppc64 ~sparc x86"
+IUSE="ldap prelude python"
+# Testcases are pretty useless as they are built for RedHat users/groups and
+# kernels.
+RESTRICT="test"
+
+RDEPEND="ldap? ( net-nds/openldap )
+		 prelude? ( dev-libs/libprelude )
+		 sys-libs/libcap-ng"
+DEPEND="${RDEPEND}
+	python? ( dev-lang/swig )
+	>=sys-kernel/linux-headers-2.6.34"
+# Do not use os-headers as this is linux specific
+
+CONFIG_CHECK="~AUDIT"
+PYTHON_DIRS="bindings/python swig"
+
+pkg_setup() {
+	linux-info_pkg_setup
+	use python && python_pkg_setup
+}
+
+src_prepare() {
+	# Do not build GUI tools
+	sed -i \
+		-e '/AC_CONFIG_SUBDIRS.*system-config-audit/d' \
+		"${S}"/configure.ac || die
+	sed -i \
+		-e 's,system-config-audit,,g' \
+		"${S}"/Makefile.am || die
+	rm -rf "${S}"/system-config-audit
+
+	if ! use ldap; then
+		sed -i \
+			-e '/^AC_OUTPUT/s,audisp/plugins/zos-remote/Makefile,,g' \
+			"${S}"/configure.ac || die
+		sed -i \
+			-e '/^SUBDIRS/s,zos-remote,,g' \
+			"${S}"/audisp/plugins/Makefile.am || die
+	fi
+
+	# Don't build static version of Python module.
+	epatch "${FILESDIR}"/${PN}-2.1.3-python.patch
+
+	# Python bindings are built/installed manually.
+	sed -e "/^SUBDIRS =/s/ python//" -i bindings/Makefile.am
+	sed -e "/^SUBDIRS =/s/ swig//" -i Makefile.am
+
+	# Regenerate autotooling
+	eautoreconf
+
+	# Disable byte-compilation of Python modules.
+	echo "#!/bin/sh" > py-compile
+
+	# Bug 352198: Avoid parallel build fail
+	cd "${S}"/src/mt
+	[[ ! -s private.h ]] && ln -s ../../lib/private.h .
+}
+
+src_configure() {
+	#append-flags -D'__attribute__(x)='
+	econf --sbindir=/sbin $(use_with prelude)
+}
+
+src_compile_python() {
+	python_copy_sources ${PYTHON_DIRS}
+
+	building() {
+		emake \
+			PYTHON_VERSION="$(python_get_version)" \
+			pyexecdir="$(python_get_sitedir)"
+	}
+	local dir
+	for dir in ${PYTHON_DIRS}; do
+		python_execute_function -s --source-dir ${dir} building
+	done
+}
+
+src_compile() {
+	default
+	use python && src_compile_python
+}
+
+src_install_python() {
+	installation() {
+		emake \
+			DESTDIR="${D}" \
+			PYTHON_VERSION="$(python_get_version)" \
+			pyexecdir="$(python_get_sitedir)" \
+			install
+	}
+	local dir
+	for dir in ${PYTHON_DIRS}; do
+		python_execute_function -s --source-dir ${dir} installation
+	done
+}
+
+src_install() {
+	emake DESTDIR="${D}" install || die
+	use python && src_install_python
+
+	dodoc AUTHORS ChangeLog README* THANKS TODO
+	docinto contrib
+	dodoc contrib/{*.rules,avc_snap,skeleton.c}
+	docinto contrib/plugin
+	dodoc contrib/plugin/*
+
+	newinitd "${FILESDIR}"/auditd-init.d-2.2.1 auditd
+	newconfd "${FILESDIR}"/auditd-conf.d-2.1.3 auditd
+
+	# things like shadow use this so we need to be in /
+	gen_usr_ldscript -a audit auparse
+
+	# remove RedHat garbage
+	rm -r "${D}"/etc/{rc.d,sysconfig} || die
+
+	# Gentoo rules
+	insinto /etc/audit/
+	newins "${FILESDIR}"/audit.rules-2.1.3 audit.rules
+	doins "${FILESDIR}"/audit.rules.stop*
+
+	# audit logs go here
+	keepdir /var/log/audit/
+
+	# Security
+	lockdown_perms "${D}"
+
+	# Don't install .la files in Python directories.
+	use python && python_clean_installation_image
+}
+
+pkg_postinst() {
+	lockdown_perms "${ROOT}"
+	use python && python_mod_optimize audit.py
+}
+
+pkg_postrm() {
+	use python && python_mod_cleanup audit.py
+}
+
+lockdown_perms() {
+	# upstream wants these to have restrictive perms
+	basedir="$1"
+	chmod 0750 "${basedir}"/sbin/au{ditctl,report,dispd,ditd,search,trace} 2>/dev/null
+	chmod 0750 "${basedir}"/var/log/audit/ 2>/dev/null
+	chmod 0640 "${basedir}"/etc/{audit/,}{auditd.conf,audit.rules*} 2>/dev/null
+}

diff --git a/sys-process/audit/files/audit-2.1.3-python.patch b/sys-process/audit/files/audit-2.1.3-python.patch
new file mode 100644
index 0000000..a9feec1
--- /dev/null
+++ b/sys-process/audit/files/audit-2.1.3-python.patch
@@ -0,0 +1,24 @@
+diff -Nuar --exclude '*.orig' audit-2.1.3.orig/bindings/python/Makefile.am audit-2.1.3/bindings/python/Makefile.am
+--- audit-2.1.3.orig/bindings/python/Makefile.am	2011-08-15 17:31:01.000000000 +0000
++++ audit-2.1.3/bindings/python/Makefile.am	2011-09-10 19:01:36.974983756 +0000
+@@ -27,5 +27,6 @@
+ 
+ auparse_la_SOURCES = auparse_python.c
+ auparse_la_CPPFLAGS = -I$(top_srcdir)/auparse $(AM_CPPFLAGS) -I/usr/include/python$(PYTHON_VERSION) -fno-strict-aliasing
+-auparse_la_LDFLAGS = -module -avoid-version -Wl,-z,relro
++auparse_la_CFLAGS = -shared
++auparse_la_LDFLAGS = -module -avoid-version -shared -Wl,-z,relro
+ auparse_la_LIBADD = ../../auparse/libauparse.la ../../lib/libaudit.la
+diff -Nuar --exclude '*.orig' audit-2.1.3.orig/swig/Makefile.am audit-2.1.3/swig/Makefile.am
+--- audit-2.1.3.orig/swig/Makefile.am	2011-08-15 17:31:03.000000000 +0000
++++ audit-2.1.3/swig/Makefile.am	2011-09-10 19:02:14.095067690 +0000
+@@ -28,7 +28,8 @@
+ pyexec_PYTHON = audit.py
+ pyexec_LTLIBRARIES = _audit.la
+ pyexec_SOLIBRARIES = _audit.so
+-_audit_la_LDFLAGS = -module -avoid-version -Wl,-z,relro
++_audit_la_CFLAGS = -shared
++_audit_la_LDFLAGS = -module -avoid-version -shared -Wl,-z,relro
+ _audit_la_HEADERS: $(top_builddir)/config.h 
+ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudit.la
+ nodist__audit_la_SOURCES  = audit_wrap.c

diff --git a/sys-process/audit/files/audit.rules-2.1.3 b/sys-process/audit/files/audit.rules-2.1.3
new file mode 100644
index 0000000..b2b4f02
--- /dev/null
+++ b/sys-process/audit/files/audit.rules-2.1.3
@@ -0,0 +1,26 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules-2.1.3,v 1.1 2011/09/11 02:58:55 robbat2 Exp $
+#
+# This file contains the auditctl rules that are loaded
+# whenever the audit daemon is started via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# First rule - delete all
+# This is to clear out old rules, so we don't append to them.
+-D
+
+# Feel free to add below this line. See auditctl man page
+
+# The following rule would cause all of the syscalls listed to be ignored in logging.
+-a exit,never -F arch=b32 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat
+-a exit,never -F arch=b64 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat
+
+# The following rule would cause the capture of all systems not caught above.
+# -a exit,always -S all
+
+# Increase the buffers to survive stress events
+-b 8192
+
+# vim:ft=conf:

diff --git a/sys-process/audit/files/audit.rules.stop.post b/sys-process/audit/files/audit.rules.stop.post
new file mode 100644
index 0000000..34db08c
--- /dev/null
+++ b/sys-process/audit/files/audit.rules.stop.post
@@ -0,0 +1,13 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules.stop.post,v 1.1 2006/06/22 07:41:46 robbat2 Exp $
+#
+# This file contains the auditctl rules that are loaded immediately after the
+# audit deamon is stopped via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# Not used for the default Gentoo configuration as of v1.2.3
+# Paranoid security types might wish to reconfigure kauditd here.
+
+# vim:ft=conf:

diff --git a/sys-process/audit/files/audit.rules.stop.pre b/sys-process/audit/files/audit.rules.stop.pre
new file mode 100644
index 0000000..c5fb4f9
--- /dev/null
+++ b/sys-process/audit/files/audit.rules.stop.pre
@@ -0,0 +1,16 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules.stop.pre,v 1.2 2011/09/11 02:58:55 robbat2 Exp $
+#
+# This file contains the auditctl rules that are loaded immediately before the
+# audit deamon is stopped via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# auditd is stopping, don't capture events anymore
+-D
+
+# Disable kernel generating audit events
+-e 0
+
+# vim:ft=conf:

diff --git a/sys-process/audit/files/auditd-conf.d-2.1.3 b/sys-process/audit/files/auditd-conf.d-2.1.3
new file mode 100644
index 0000000..b5f389e
--- /dev/null
+++ b/sys-process/audit/files/auditd-conf.d-2.1.3
@@ -0,0 +1,23 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/auditd-conf.d-2.1.3,v 1.1 2011/09/11 02:58:55 robbat2 Exp $
+
+# Configuration options for auditd
+# -f for foreground mode
+# There are some other options as well, but you'll have to look in the source
+# code to find them as they aren't ready for use yet.
+EXTRAOPTIONS=''
+
+# Audit rules file to run after starting auditd
+RULEFILE_STARTUP=/etc/audit/audit.rules
+
+# Audit rules file to run before and after stopping auditd
+RULEFILE_STOP_PRE=/etc/audit/audit.rules.stop.pre
+RULEFILE_STOP_POST=/etc/audit/audit.rules.stop.post
+
+# If you want to enforce a certain locale for auditd, 
+# uncomment one of the next lines:
+#AUDITD_LANG=none
+AUDITD_LANG=C
+#AUDITD_LANG=en_US
+#AUDITD_LANG=en_US.UTF-8

diff --git a/sys-process/audit/files/auditd-init.d-2.2.1 b/sys-process/audit/files/auditd-init.d-2.2.1
new file mode 100644
index 0000000..5823181
--- /dev/null
+++ b/sys-process/audit/files/auditd-init.d-2.2.1
@@ -0,0 +1,100 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/auditd-init.d-2.1.3,v 1.1 2011/09/11 02:58:55 robbat2 Exp $
+
+extra_started_commands='reload reload_auditd reload_rules'
+description='Linux Auditing System'
+description_reload='Reload daemon configuration and rules'
+description_reload_rules='Reload daemon rules'
+description_reload_auditd='Reload daemon configuration'
+
+name='auditd'
+pidfile='/var/run/auditd.pid'
+command='/sbin/auditd'
+
+start_auditd() {
+	# Env handling taken from the upstream init script
+	if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
+		unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+	else
+		LANG="$AUDITD_LANG"
+		LC_TIME="$AUDITD_LANG"
+		LC_ALL="$AUDITD_LANG"
+		LC_MESSAGES="$AUDITD_LANG"
+		LC_NUMERIC="$AUDITD_LANG"
+		LC_MONETARY="$AUDITD_LANG"
+		LC_COLLATE="$AUDITD_LANG"
+		export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+	fi
+	unset HOME MAIL USER USERNAME
+
+	ebegin "Starting ${name}"
+	start-stop-daemon \
+		--start --quiet --pidfile ${pidfile} \
+		--exec ${command} -- ${EXTRAOPTIONS}
+	local ret=$?
+	eend $ret
+	return $ret
+}
+
+stop_auditd() {	
+	ebegin "Stopping ${name}"
+	start-stop-daemon --stop --quiet --pidfile ${pidfile}
+	local ret=$?
+	eend $ret
+	return $ret
+}
+
+
+loadfile() {
+	local rules="$1"
+	if [ -n "${rules}" -a -f "${rules}" ]; then
+		einfo "Loading audit rules from ${rules}"
+		/sbin/auditctl -R "${rules}" 1>/dev/null
+		return $?
+	else
+		return 0
+	fi
+}
+
+start() {
+	start_auditd
+	local ret=$?
+	if [ $ret -eq 0 -a "${RC_CMD}" != "restart" ]; then
+		if [ ! -d "/run/lock/subsys" ]; then
+			mkdir -p /run/lock/subsys
+		fi
+		touch /run/lock/subsys/${name}
+		loadfile "${RULEFILE_STARTUP}"
+	fi
+	return $ret
+}
+
+reload_rules() {
+	loadfile "${RULEFILE_STARTUP}"
+}
+
+reload_auditd() {
+	[ -f ${pidfile} ] && kill -HUP `cat ${pidfile}`
+}
+
+reload() {
+	reload_auditd
+	reload_rules
+}
+
+stop() {
+	[ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_PRE}"
+	stop_auditd
+	rm -f /var/lock/subsys/${name}
+	local ret=$?
+	[ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_POST}"
+	return $ret
+}
+
+# This is a special case, we do not want to touch the rules at all
+restart() {
+	stop_auditd
+	start_auditd
+}